ssh登錄問題

1.錯誤描述

當我想ssh slave節點時，出現以下錯誤

[cpp] view plain copy

1. hadoop@xuwei-laptop:~$ ssh slave  

2. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@  

3. @       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @  

4. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@  

5. The RSA host key for slave has changed,  

6. and the key for the corresponding IP address 192.168.0.42  

7. is unchanged. This could either mean that  

8. DNS SPOOFING is happening or the IP address for the host  

9. and its host key have changed at the same time.  

10. Offending key for IP in /home/hadoop/.ssh/known_hosts:9  

11. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@  

12. @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @  

13. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@  

14. IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!  

15. Someone could be eavesdropping on you right now (man-in-the-middle attack)!  

16. It is also possible that the RSA host key has just been changed.  

17. The fingerprint for the RSA key sent by the remote host is  

18. e1:e0:28:39:6d:fb:d6:45:72:71:c1:ec:3d:ef:78:19.  

19. Please contact your system administrator.  

20. Add correct host key in /home/hadoop/.ssh/known_hosts to get rid of this message.  

21. Offending key in /home/hadoop/.ssh/known_hosts:5  

22. RSA host key for slave has changed and you have requested strict checking.  

23. Host key verification failed.  

錯誤緣由是由於我修改過slave節點。就是第一次我ssh slave節點的ip是192.168.0.10，而第二次的時候slave的ip變爲了192.168.0.50.這個時候我在使用ssh slave命令就會出現上述錯誤。

3.問題解釋

用OpenSSH的人都知ssh會把你每一個你訪問過計算機的公鑰(public key)都記錄在~/.ssh/known_hosts。當下次訪問相同計算機時，OpenSSH會覈對公鑰。若是公鑰不一樣，OpenSSH會發出警告， 避免你受到DNS Hijack之類的攻擊。所以咱們如今只須要刪除knows_hosts文件中所對應的slave節點的公鑰，而後再ssh slave就能夠了。咱們使用命令

[cpp] view plain copy

1. sudo gedit known_hosts  

打開known_hosts，可是咱們發現文件內的內容根本找不到slave，文件內容以下

[cpp] view plain copy

1. |1|Xv9OoqvMzLO8ZB6RBgo5huXiJsM=|zwBphczddm/ogCsQfJJb8pO8CNo= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3fvljAowPKD9Lx4GkF75FQfj1edEPLTsY9TQv7S5mDS6RB8YvgP9SQxnqt0Dr+IpiDpRg6y7iv6Qm6WC4dOd4jJCPfbI4FUbGTkwLL4qeKo0+ZHZUS2ByeMd+PbqM0iIubKBsNBebA5c+RvqOCneYHOkrTKtwJsq2NnwhgFBz0odeFF7G7tBq6huK7KqikXZauEk7B4gnbtSiD2pG1XZzEUeXq8qEFLjWFPKBRYr8/AL/RZjktJRj98mCRtXCB9tef3DhFkHnXODfC/LzMX3vkQP2ahP4kbNmtXM8nkK2YFx0emAL07h66j89k9ByXzuN0mGw2QKcjFkDWNVkwk6CQ==  

2. |1|peUXkOx+hnb6XQZZGGwMhOXAj04=|mqdXqRTi/MiqARL+dylDygmDgpk= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3fvljAowPKD9Lx4GkF75FQfj1edEPLTsY9TQv7S5mDS6RB8YvgP9SQxnqt0Dr+IpiDpRg6y7iv6Qm6WC4dOd4jJCPfbI4FUbGTkwLL4qeKo0+ZHZUS2ByeMd+PbqM0iIubKBsNBebA5c+RvqOCneYHOkrTKtwJsq2NnwhgFBz0odeFF7G7tBq6huK7KqikXZauEk7B4gnbtSiD2pG1XZzEUeXq8qEFLjWFPKBRYr8/AL/RZjktJRj98mCRtXCB9tef3DhFkHnXODfC/LzMX3vkQP2ahP4kbNmtXM8nkK2YFx0emAL07h66j89k9ByXzuN0mGw2QKcjFkDWNVkwk6CQ==  

3. |1|2Agq45UHkRDXi73GGuTp7+ONWyQ=|wfAq9PffuqQch0E1tsFJDGlAPQk= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3fvljAowPKD9Lx4GkF75FQfj1edEPLTsY9TQv7S5mDS6RB8YvgP9SQxnqt0Dr+IpiDpRg6y7iv6Qm6WC4dOd4jJCPfbI4FUbGTkwLL4qeKo0+ZHZUS2ByeMd+PbqM0iIubKBsNBebA5c+RvqOCneYHOkrTKtwJsq2NnwhgFBz0odeFF7G7tBq6huK7KqikXZauEk7B4gnbtSiD2pG1XZzEUeXq8qEFLjWFPKBRYr8/AL/RZjktJRj98mCRtXCB9tef3DhFkHnXODfC/LzMX3vkQP2ahP4kbNmtXM8nkK2YFx0emAL07h66j89k9ByXzuN0mGw2QKcjFkDWNVkwk6CQ==  

4. |1|GT/tN5xUgbRZhRt31sCAnpWPtH4=|mkxeWxXDrk9XSLo2DtIwvD/J9w4= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3fvljAowPKD9Lx4GkF75FQfj1edEPLTsY9TQv7S5mDS6RB8YvgP9SQxnqt0Dr+IpiDpRg6y7iv6Qm6WC4dOd4jJCPfbI4FUbGTkwLL4qeKo0+ZHZUS2ByeMd+PbqM0iIubKBsNBebA5c+RvqOCneYHOkrTKtwJsq2NnwhgFBz0odeFF7G7tBq6huK7KqikXZauEk7B4gnbtSiD2pG1XZzEUeXq8qEFLjWFPKBRYr8/AL/RZjktJRj98mCRtXCB9tef3DhFkHnXODfC/LzMX3vkQP2ahP4kbNmtXM8nkK2YFx0emAL07h66j89k9ByXzuN0mGw2QKcjFkDWNVkwk6CQ==  

5. |1|hMbmluXaSJKOv4bZydZ75Ye3OUc=|rcfbiV7hrXoaDt02BrVb9UxJSqI= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0d8quvKVdc0b620eAY46ucB87dK/Q1EqEsPOdUltfEpr7/r9hCG+yJqjM6l3roOzkkc9Fi/iZEx0pvIgDdtD+n5YEQrQu81/mj1cWXmkN9xuXvqv9BZxOTeETRF5g1cL0yr4T91CmvXIMewUzv1fE1pWOzZvMKj8SqMOn7PpTjQhpDoS8SkTuNO81k41DkyrDe3DIRL0yC6aUGTF3YOTAe4DbpF8jMHD3+wDm4JT//ULRNKSwRQPOb57XWHy9GLHm89oOm2e8wrjrz84nCRJ5hgJdsjaPt3qJEEGeb8OAMj2fevyu+e1KDF3KExSE0jGBegEWpJilxaD8AV4+1CHsw==  

6. |1|5BwBb0f3G3TO2JJ0ATWbGrFOfjA=|Mr+5xsBD6SDMpg9ITPpDT3r6ULc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0d8quvKVdc0b620eAY46ucB87dK/Q1EqEsPOdUltfEpr7/r9hCG+yJqjM6l3roOzkkc9Fi/iZEx0pvIgDdtD+n5YEQrQu81/mj1cWXmkN9xuXvqv9BZxOTeETRF5g1cL0yr4T91CmvXIMewUzv1fE1pWOzZvMKj8SqMOn7PpTjQhpDoS8SkTuNO81k41DkyrDe3DIRL0yC6aUGTF3YOTAe4DbpF8jMHD3+wDm4JT//ULRNKSwRQPOb57XWHy9GLHm89oOm2e8wrjrz84nCRJ5hgJdsjaPt3qJEEGeb8OAMj2fevyu+e1KDF3KExSE0jGBegEWpJilxaD8AV4+1CHsw==  

7. |1|UVN6ra08UPwZpm4ZmW6YjAC2Zvg=|dDwgm6Ep/OdeicdFkqXJS46gTmo= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3fvljAowPKD9Lx4GkF75FQfj1edEPLTsY9TQv7S5mDS6RB8YvgP9SQxnqt0Dr+IpiDpRg6y7iv6Qm6WC4dOd4jJCPfbI4FUbGTkwLL4qeKo0+ZHZUS2ByeMd+PbqM0iIubKBsNBebA5c+RvqOCneYHOkrTKtwJsq2NnwhgFBz0odeFF7G7tBq6huK7KqikXZauEk7B4gnbtSiD2pG1XZzEUeXq8qEFLjWFPKBRYr8/AL/RZjktJRj98mCRtXCB9tef3DhFkHnXODfC/LzMX3vkQP2ahP4kbNmtXM8nkK2YFx0emAL07h66j89k9ByXzuN0mGw2QKcjFkDWNVkwk6CQ==  

8. |1|QLl8/P9ESKa1gVjgt9CVMT0a1Rw=|HopDtnlmB0JoXC5Y0kAAKMja1EA= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3fvljAowPKD9Lx4GkF75FQfj1edEPLTsY9TQv7S5mDS6RB8YvgP9SQxnqt0Dr+IpiDpRg6y7iv6Qm6WC4dOd4jJCPfbI4FUbGTkwLL4qeKo0+ZHZUS2ByeMd+PbqM0iIubKBsNBebA5c+RvqOCneYHOkrTKtwJsq2NnwhgFBz0odeFF7G7tBq6huK7KqikXZauEk7B4gnbtSiD2pG1XZzEUeXq8qEFLjWFPKBRYr8/AL/RZjktJRj98mCRtXCB9tef3DhFkHnXODfC/LzMX3vkQP2ahP4kbNmtXM8nkK2YFx0emAL07h66j89k9ByXzuN0mGw2QKcjFkDWNVkwk6CQ==  

9. |1|QZa400OJbWjQNrKTQdqlNvJkyEs=|yVD3EAylkfJaW43kRSUIFcJla10= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3fvljAowPKD9Lx4GkF75FQfj1edEPLTsY9TQv7S5mDS6RB8YvgP9SQxnqt0Dr+IpiDpRg6y7iv6Qm6WC4dOd4jJCPfbI4FUbGTkwLL4qeKo0+ZHZUS2ByeMd+PbqM0iIubKBsNBebA5c+RvqOCneYHOkrTKtwJsq2NnwhgFBz0odeFF7G7tBq6huK7KqikXZauEk7B4gnbtSiD2pG1XZzEUeXq8qEFLjWFPKBRYr8/AL/RZjktJRj98mCRtXCB9tef3DhFkHnXODfC/LzMX3vkQP2ahP4kbNmtXM8nkK2YFx0emAL07h66j89k9ByXzuN0mGw2QKcjFkDWNVkwk6CQ==  

10. |1|yp3zvqWQ6ChoV+KJiRhaNUHVaaA=|Zh9+UnUaW8W1XTCXh8oaOjnsCGM= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAs6IHrmuZwTilgYsOjwiOfQP1u1c3Aj6MH2EOaypGYxccDddcQu6QoKhVXQZWMZFt7W6MeZUa/QKqNVmcpho4NubyCpxfkBIybPzqbqQif8EmYrCCsbaU41hQppISrXNdlcn/S7TKM9T6sbQV1/moYScjQ4kEO+MchVmuIY5cm8kz5p8jxklSF2xFftB+kz7RmMJN3+GcGHOcgACngtxqFnqXfNF8RV1wv2lP5wLui7cv7V+pogExckzqiNfJMPnt8SCMvODHVMRnlJC5yOtpkDKH29X056KeYtK40KhMCQL9UMHfRPQgvQL0qArQ65RLevIckZ8YehOG9aCXbcWzBw==  

11. |1|QLuhhDXvYoefLiZ7+fw5A9ErlV4=|bWOSl44257+rbK1Fn4zwMY8GE3c= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAs6IHrmuZwTilgYsOjwiOfQP1u1c3Aj6MH2EOaypGYxccDddcQu6QoKhVXQZWMZFt7W6MeZUa/QKqNVmcpho4NubyCpxfkBIybPzqbqQif8EmYrCCsbaU41hQppISrXNdlcn/S7TKM9T6sbQV1/moYScjQ4kEO+MchVmuIY5cm8kz5p8jxklSF2xFftB+kz7RmMJN3+GcGHOcgACngtxqFnqXfNF8RV1wv2lP5wLui7cv7V+pogExckzqiNfJMPnt8SCMvODHVMRnlJC5yOtpkDKH29X056KeYtK40KhMCQL9UMHfRPQgvQL0qArQ65RLevIckZ8YehOG9aCXbcWzBw==  

        OpenSSH在4.0p1引入了 Hash Known Hosts功能，在known_hosts中把訪問過的計算機名稱或IP地址以hash方式存放，令入侵都不能直接知道你到訪過那些計算機。這項新項功能 缺省是關閉的，要你手動地在ssh_config加上\"HashKnownHosts yes\"纔會被開啓。不過Ubuntu就缺省開啓了個功能。
        然而，偶然一些計算機的ssh公鑰是合理地被更動。雖然遇到這些狀況OpenSSH會發出驚告並禁止你進入該計算機。以往當咱們肯定該次 ssh公鑰被更動沒有可疑時，咱們用文字編輯器開啓known_hosts，把相關的公鑰記錄刪掉就能夠了。但如今由於全部計算機名稱或IP地址都被 hash了，咱們很難知道那行是相關計算機的公鑰。固然咱們能夠把整個known_hosts刪除，但咱們會同時失去其餘正常計算機的ssh公鑰。 事實上OpenSSH在工具ssh-keygen加了三個選項，協助你管理hash了的known_hosts。你能夠用\"ssh-keygen -F 計算機名稱\"找出相關的公鑰，使用以下命令找出slave所對應的公鑰

[cpp] view plain copy

1. ssh-keygen -F slave  

執行命令之後獲得以下內容：

[cpp] view plain copy

1. # Host slave found: line 5 type RSA  

2. |1|hMbmluXaSJKOv4bZydZ75Ye3OUc=|rcfbiV7hrXoaDt02BrVb9UxJSqI= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0d8quvKVdc0b620eAY46ucB87dK/Q1EqEsPOdUltfEpr7/r9hCG+yJqjM6l3roOzkkc9Fi/iZEx0pvIgDdtD+n5YEQrQu81/mj1cWXmkN9xuXvqv9BZxOTeETRF5g1cL0yr4T91CmvXIMewUzv1fE1pWOzZvMKj8SqMOn7PpTjQhpDoS8SkTuNO81k41DkyrDe3DIRL0yC6aUGTF3YOTAe4DbpF8jMHD3+wDm4JT//ULRNKSwRQPOb57XWHy9GLHm89oOm2e8wrjrz84nCRJ5hgJdsjaPt3qJEEGeb8OAMj2fevyu+e1KDF3KExSE0jGBegEWpJilxaD8AV4+1CHsw==  

上述給出了slave的公鑰，以及在所在的行數。咱們去known_hosts中找到對應的公鑰將其刪除